Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP
Summary:
A critical remote code execution vulnerability (CVE-2024-27348, CVSS: 9.8) impacting Apache HugeGraph-Server versions before 1.3.0 has been actively exploited in the wild. The flaw resides in the Gremlin graph traversal language API and allows attackers to bypass security restrictions and gain complete control over vulnerable servers. Upgrading to Apache HugeGraph-Server version 1.3.0 with Java 11 and enabling the Auth system is crucial to mitigate the risk. Additionally, organizations can enhance security by implementing the "Whitelist-IP/port" function for RESTful API execution.
Security Officer Comments:
This recently disclosed vulnerability in Apache HugeGraph-Server poses a significant threat due to its critical nature (CVSS: 9.8) and active exploitation attempts. The public availability of proof-of-concept exploit code further escalates the urgency for immediate action. This urgency is reinforced with other examples of released PoCs. A characteristic example of the rise in the speed of weaponization is CVE-2024-27198, an authentication bypass flaw in JetBrains TeamCity. It's important to note that vulnerabilities in Apache projects have historically been attractive targets for cybercriminals, and this instance is likely no exception. Organizations utilizing Apache HugeGraph-Server should prioritize patching their systems to version 1.3.0 with Java 11 and enabling the recommended security measures to prevent potential compromises.
Suggested Corrections:
CVE-2024-27348 is actively exploited
PoC is published here.
https://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html
https://github.com/advisories/GHSA-29rc-vq7f-x335
A critical remote code execution vulnerability (CVE-2024-27348, CVSS: 9.8) impacting Apache HugeGraph-Server versions before 1.3.0 has been actively exploited in the wild. The flaw resides in the Gremlin graph traversal language API and allows attackers to bypass security restrictions and gain complete control over vulnerable servers. Upgrading to Apache HugeGraph-Server version 1.3.0 with Java 11 and enabling the Auth system is crucial to mitigate the risk. Additionally, organizations can enhance security by implementing the "Whitelist-IP/port" function for RESTful API execution.
Security Officer Comments:
This recently disclosed vulnerability in Apache HugeGraph-Server poses a significant threat due to its critical nature (CVSS: 9.8) and active exploitation attempts. The public availability of proof-of-concept exploit code further escalates the urgency for immediate action. This urgency is reinforced with other examples of released PoCs. A characteristic example of the rise in the speed of weaponization is CVE-2024-27198, an authentication bypass flaw in JetBrains TeamCity. It's important to note that vulnerabilities in Apache projects have historically been attractive targets for cybercriminals, and this instance is likely no exception. Organizations utilizing Apache HugeGraph-Server should prioritize patching their systems to version 1.3.0 with Java 11 and enabling the recommended security measures to prevent potential compromises.
Suggested Corrections:
CVE-2024-27348 is actively exploited
PoC is published here.
- Upgrade Immediately: The primary mitigation strategy is to upgrade to Apache HugeGraph-Server version 1.3.0 or later. This patched version addresses the vulnerability and significantly reduces the attack surface. Ensure Java 11 is used when running the upgraded version for optimal security.
- Enable Authentication: Activate the built-in authentication system within HugeGraph-Server. This restricts unauthorized access to the Gremlin server, preventing attackers from exploiting the vulnerability without proper credentials.
- Implement IP/Port Whitelisting: Configure the "Whitelist-IP/port" feature to further tighten security. This allows access to the RESTful API only from authorized IP addresses and ports, minimizing the potential attack vectors.
- Network Segmentation: Segment the network where HugeGraph-Server resides. This limits the potential damage if an attacker manages to exploit the vulnerability. By isolating the server on a separate network segment, critical systems and data remain protected even if the server is compromised.
https://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html
https://github.com/advisories/GHSA-29rc-vq7f-x335